|
|
|
|
|
|
by Uehreka
2021 days ago
|
|
|
Really though? What are you looking for in this inspection? This strikes me as one of those things where the “inspectors” underestimate the security of “curl|bash from a known HTTPS origin” and overestimate their ability to detect anything that could evade that security. At that point you’re dealing with a g0d level hacker, or your cert trust has been broken, and in either of those cases you were already pwned. |
|
|
As example: https://sh.rustup.rs It's really easy to read and useful to understand what it does.
If it's too obfuscated and I can't understand it I don't run it and look for other install options or give up
If I do spot bugs, I'll go to their github and provide a PR.
If I spot something malicious I'll check the github to see who put it in and raise the problem. (if it's not on github then alarm bells)